From patchwork Wed Jul 21 18:41:31 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Matthew Wilcox <willy@infradead.org>
X-Patchwork-Id: 12391939
Return-Path: <SRS0=5lZ1=MN=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-16.6 required=3.0 tests=BAYES_00,DKIM_INVALID,
	DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 7AE40C636C9
	for <linux-mm@archiver.kernel.org>; Wed, 21 Jul 2021 18:42:17 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 265AA6128A
	for <linux-mm@archiver.kernel.org>; Wed, 21 Jul 2021 18:42:17 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 265AA6128A
Authentication-Results: mail.kernel.org;
 dmarc=none (p=none dis=none) header.from=infradead.org
Authentication-Results: mail.kernel.org;
 spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id A75B96B005D; Wed, 21 Jul 2021 14:42:16 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id A270F6B006C; Wed, 21 Jul 2021 14:42:16 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 914626B0070; Wed, 21 Jul 2021 14:42:16 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0077.hostedemail.com
 [216.40.44.77])
	by kanga.kvack.org (Postfix) with ESMTP id 728106B005D
	for <linux-mm@kvack.org>; Wed, 21 Jul 2021 14:42:16 -0400 (EDT)
Received: from smtpin23.hostedemail.com (10.5.19.251.rfc1918.com
 [10.5.19.251])
	by forelay05.hostedemail.com (Postfix) with ESMTP id 25C2618582126
	for <linux-mm@kvack.org>; Wed, 21 Jul 2021 18:42:16 +0000 (UTC)
X-FDA: 78387465072.23.7080C33
Received: from casper.infradead.org (casper.infradead.org [90.155.50.34])
	by imf06.hostedemail.com (Postfix) with ESMTP id 6957F802AB66
	for <linux-mm@kvack.org>; Wed, 21 Jul 2021 18:42:15 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version:
	Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID:
	Content-Description:In-Reply-To:References;
	bh=QAFE3m3sGfm0XHof4+1aoQntJ/lWm+TZn6x1+h/OpC0=; b=Ph89ZAA4aD3d30oY3o18nv8iGb
	/7JEcnDFcyBJhO9jTARxkPybXEPs2dWWC5OAr4/6chaGfOkkSuaRxlyq/TEf4RemeTrrx4lRL9kpT
	KbJLI8mUEVSkmB8c2zR5FjkP1/fVj5xHjbcuByyI9ZSCyiPEBsoBS5t0N6EzTNFMmBPR+w1stoFX3
	EIUAc16GkvjBNREPmf8f7LyjYxyA2+FsJKYCW9Rou6Re74Cvw2atNTPqTizJhwnqB61uGV1k/tjVr
	3EclEYaqmlZhdhZkaCIVN8QWbeqS8BcjIhmZ3nIa9+iDwq5OajjWiiC/feamQb5Wxukiy7x2DPUwg
	sMtWidJA==;
Received: from willy by casper.infradead.org with local (Exim 4.94.2 #2 (Red
 Hat Linux))
	id 1m6H9z-009V5o-23; Wed, 21 Jul 2021 18:41:42 +0000
From: "Matthew Wilcox (Oracle)" <willy@infradead.org>
To: Al Viro <viro@zeniv.linux.org.uk>,
	Qualys Security Advisory <qsa@qualys.com>,
	Eric Sandeen <sandeen@redhat.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	linux-mm@kvack.org,
	linux-kernel@vger.kernel.org
Cc: "Matthew Wilcox (Oracle)" <willy@infradead.org>
Subject: [PATCH] mm: Make kvmalloc refuse to allocate more than 2GB
Date: Wed, 21 Jul 2021 19:41:31 +0100
Message-Id: <20210721184131.2264356-1-willy@infradead.org>
X-Mailer: git-send-email 2.31.1
MIME-Version: 1.0
Authentication-Results: imf06.hostedemail.com;
	dkim=pass header.d=infradead.org header.s=casper.20170209 header.b=Ph89ZAA4;
	spf=none (imf06.hostedemail.com: domain of willy@infradead.org has no SPF
 policy when checking 90.155.50.34) smtp.mailfrom=willy@infradead.org;
	dmarc=none
X-Rspamd-Server: rspam03
X-Rspamd-Queue-Id: 6957F802AB66
X-Stat-Signature: 7zekkge5pujhdrnx3twbp331a59xi9yj
X-HE-Tag: 1626892935-443427
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

It's generally dangerous to allocate such large quantities of memory
within the kernel owing to our propensity to use 'int' to represent
a length.  If somebody really needs it, we can add a kvmalloc_large()
later, but let's default to "You can't allocate that much memory".

Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
---
 fs/seq_file.c                                     | 3 ---
 mm/util.c                                         | 7 +++++++
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/fs/seq_file.c b/fs/seq_file.c
index 4a2cda04d3e2..b117b212ef28 100644
--- a/fs/seq_file.c
+++ b/fs/seq_file.c
@@ -32,9 +32,6 @@ static void seq_set_overflow(struct seq_file *m)
 
 static void *seq_buf_alloc(unsigned long size)
 {
-	if (unlikely(size > MAX_RW_COUNT))
-		return NULL;
-
 	return kvmalloc(size, GFP_KERNEL_ACCOUNT);
 }
 
diff --git a/mm/util.c b/mm/util.c
index 9043d03750a7..8ff2a8924d5f 100644
--- a/mm/util.c
+++ b/mm/util.c
@@ -593,6 +593,13 @@ void *kvmalloc_node(size_t size, gfp_t flags, int node)
 	if (ret || size <= PAGE_SIZE)
 		return ret;
 
+	/*
+	 * Succeeding for sizes above 2GiB can lead to truncation if
+	 * someone casts the size to an int.
+	 */
+	if (size > INT_MAX)
+		return NULL;
+
 	return __vmalloc_node(size, 1, flags, node,
 			__builtin_return_address(0));
 }